Review of Resource Public Key Infrastructure (RPKI) to verify ownership and authenticity of telephone caller ID over Voice over Internet Protocol

10 July 2015

As part of its strategic technology programme, Ofcom commissioned Wik Consulting to conduct an independent review of Resource Public Key Infrastructure's (RPKI) technical suitability to help address the problem of verifying ownership and authenticity of telephone caller ID (otherwise known as Calling Line Identity or CLI).

RPKI is already used by IP network operators to validate "holdership" of particular IP network number resources against the issuing Regional Internet Registry (RIR). It is used to address the accidental or malicious phenomenon known as "Route Hijacking", where a network announces a resource or route that it is not necessarily entitled to announce. RPKI provides a means of authenticating routing announcements to mitigate this problem.

The problem of validating a telephone caller ID shares many similar attributes this problem that RPKI was designed to solve. Ofcom commissioned the study by Wik consulting to further understand the benefits of, and barriers to equivalent cryptographic validation of CLI using. The international standards community is already examining the potential application of RPKI and other techniques to CLI validation, in part to help reduce the problems called by "CLI spoofing" where the identity of the caller is deliberately masked by the use of invalid or "hijacked" CLI for potentially malicious purposes.

Ofcom's technical programme enables us tokeep up to date with technologies and trends, so that we can be in the best possible position to execute our regulatory duties. In many cases, we do not conduct investigations in-house but make use of external resources, such as private commercial organisations, university departments and government funded research institutions. This report presents the findings of technical work conducted on Ofcom's behalf. The opinions and conclusions stated within these reports are those of the organisations who conducted the work and may not reflect the view of Ofcom or imply any future policy work in related areas. Ofcom is not responsible for the content or accuracy of these reports.

Full report

Review of Resource Public Key Infrastructure (RPKI) to verify ownership and authenticity of telephone caller ID over Voice over Internet Protocol (PDF, 719.9 KB)
Full Print Version